Computer security method and apparatus

ABSTRACT

A method of securing data stored on an electronic device  1,  the method comprising encrypting the data using a cryptographic key derivable from or accessed using a passphrase, requiring the entry into the device of the passphrase when a user wishes to access the data, subsequently inhibiting access to the data whilst the device  1  remains active, and requiring the entry into the device of a predefined password when a user wishes to access the data, the password being different from the passphrase.

FIELD OF THE INVENTION

The present invention relates to a method and apparatus for securing acomputer system or device and more particularly to a system andapparatus which employs password protection.

BACKGROUND TO THE INVENTION

The security of electronic data is of major concern to both individualsand organisations. There are many circumstances in which the disclosureof electronic data to an unauthorised third party can result inconsiderable damage or loss to the owner of the data. Apart of coursefrom normal physical security measures, the most common way to protectdata is to encrypt the data and or to “lock” access to the data using apassphrase (or password). A typical security system (for exampleF-Secure's Filecrypto™) might, upon installation, require a user tocreate a passphrase. A cryptographic hash function and/or messageauthentication code algorithm is applied to the passphrase to derive acryptographic key. Alternatively, a cryptographic key may be generatedseparately and protected by encrypting it with the key derived from thepassphrase (this makes it possible for the user to change the passphrasewithout requiring all of the data to be re-encrypted). When it issubsequently required to encrypt data (e.g. a data file), thecryptographic key is applied to the data using an encryption function.In order to decrypt previously encrypted data, the user must enter thepassphrase. The cryptographic key is again derived from the passphraseor used to access the passphrase, and the data decrypted by applying thekey to the data using an inverse transformation. As a back-up, a usermay store a copy of the cryptographic key on some external storagemedium (typically a floppy disk). Neither the key nor the passphrase arestored permanently on the protected computer system.

The value of a passphrase as a source for a symmetric cipher key can bemeasured as the amount of entropy that the password contains. Forexample, words constructed using the Latin alphabet have an entropy ofapproximately 1 bit per letter, whilst a totally random string oflowercase letters and numbers has an entropy of approximately 5 bits perletter. The following table shows that a proper password should be quitelong in order to provide adequate protection against a brute forceattack, i.e. an exhaustive search of all possible key values.

Symmetric key length Time required to break 56 bits 5 minutes 80 bits 50years 96 bits 3 million years 128 bits  10¹⁶ years

The times shown in the table correspond with computing performance ofequipment worth of $10 million USD. In the light of ever increasingcomputing power and new processing techniques, a key of around 90 bitswould appear to provide an adequate level of security.

The strength of the encryption process is dependent on the length andrandomness of the password. To achieve the required level of security, apassphrase comprising a totally random string of lowercase letters andnumbers should have a length of 18 characters. It will be apparent thatthe process of entering such a passphrase into a computing device isrelatively laborious. As such, currently implemented systems tend torequire the entry of the passphrase only when a user first turns on thedevice (typically once per day). At this time, the cryptographic key isgenerated and stored in a memory of the device. For as long as thedevice remains on, the key is maintained. Only when the machine isturned off or re-booted is the key deleted. All stored encrypted datamay be decrypted when the machine is turned on and the password entered,and subsequently re-encrypted when the machine is turned off, or datamay be decrypted and encrypted only on demand.

This mechanism works well for personal computers and the like which tendto have fixed locations and are relatively unportable. The chance of amachine being stolen during working hours is low. However, for portablecomputing devices, implementing the described mechanism may represent anunacceptable security risk as there is a distinct possibility that thedevices may be lost or stolen when they are carried out of the officeenvironment (or even stolen from the office given their small size) whenthey are in an on state. Examples of portable devices are laptop andpalmtop computers, as well as PDAs and mobile telephones.

SUMMARY OF THE INVENTION

A solution to the problem outlined above is to require a user to enterthe passphrase at regular intervals whilst the device is turned on. Theoperation of such a system might be analogous to a screensaver, i.e.after some predefined period of non-use, the device enters a standbymode in which all previously decrypted data is re-encrypted and the keydeleted. To return the device to the normal operating mode, the usermust enter the passphrase. The problem is that the laborious operationof entering the passphrase may need to be carried out many times a day.Users will tend to extend the predefined time period after which thestandby mode is entered, perhaps to a point at which security iscompromised, or turn this additional security measure off altogether.This is made more likely in the case of mobile devices as these oftenhave only basic data entry facilities, e.g. a touch screen or a limitedcharacter keypad, making the entry of long passphrases a slow process.

In order to overcome this problem, the present invention proposes a twolevel authentication mechanism in which a user has both a passphrase anda shorter password or PIN. Once the device has been activated byentering the passphrase, the user may be prompted to enter the passwordor PIN, for example after some period of non-use.

According to a first aspect of the present invention there is provided amethod of securing data stored on an electronic device, the methodcomprising encrypting the data using a cryptographic key derivable fromor accessible using a passphrase, requiring the entry into the device ofthe passphrase when a user wishes to access the data, subsequentlyinhibiting access to the data whilst the device remains active, andrequiring the entry into the device of a predefined password when a userwishes to access the data, the password being different from thepassphrase.

The terms “passphrase” and “password” are not intended to limit theinvention only to textual passphrases and passwords. Rather these termsare intended to cover all appropriate means of identification including,for example, graphical representations such as pictures and drawings(produced by the user or selected from a list of options), a series ofscreen taps made by the user on a touch screen at specific locations,spoken passwords and passphrases, biometrics such as fingerprint andretina scans recognition. Passwords and passphrases may also begenerated by a user using a hardware token.

Embodiments of the present invention make it possible for a user tospecify a relatively long passphrase having sufficient entropy to ensureadequate security, whilst at the same time defining a relatively shortpassword for more frequent use, e.g. after the device has timed out. Thepassphrase authenticates the user and serves as a source for acryptographic key or as a means of accessing an encryption. The passwordonly authenticates or identifies the user, and can be similar to thepassphrase, as long as it provides for easier and faster entry, e.g. itcan be a numeric PIN code, a handwritten signature, or identificationthrough a biometric device or hardware token.

The cryptographic key used to encrypt the data may be derived directlyfrom the passphrase. Alternatively, the cryptographic key may be derivedindependently of the password, with the key being encrypted using thepassphrase or using a second key derived using the passphrase and storedin the device. In this case, a passphrase entered by the user isemployed to access the encrypted key.

Preferably, following inhibition of data access, the device requiresthat the user enter the correct password within a predefined number ofattempts, e.g. one. If the user fails to enter the correct passwordwithin this number of attempts, the cryptographic key stored by thedevice may be deleted, and the user requested to enter the correctpassphrase. The device may require that the user enter the correctpassphrase within a predefined number of attempts, e.g. three. Failingthis, the encrypted data may only be accessed by entering thecryptographic key into the device, e.g. from a backup source.

According to second aspect of the present invention there is provided amethod of preventing unauthorised access to electronic data stored on acomputer device, the method comprising:

-   -   requesting a user to input a passphrase into the device;    -   receiving an entered passphrase and using the passphrase to        generate or access a cryptographic key;    -   storing the cryptographic key in a memory of the device, wherein        the stored key can be used to subsequently encrypt and decrypt        data on the device;    -   subsequently inhibiting a user from accessing data on the device        after a predefined period, or after a predefined period of        non-use, or after some predefined action by the user;    -   requesting a user to input a password into the device;    -   receiving the password and, only if the password corresponds to        a predefined password which is different from said passphrase,        allowing the user to access data on the device, otherwise        continuing to inhibit a user from accessing data on the device.

According to a third aspect of the present invention there is providedapparatus for securing electronic data, the apparatus comprising:

-   -   a memory for storing encrypted and unencrypted data:    -   first processing means for encrypting data using a cryptographic        key derivable from or accessed using a passphrase;    -   input means for receiving the passphrase from a user when the        user wishes to access the data;    -   second processing means for subsequently inhibiting access to        the data whilst the device remains active, and for requiring the        entry into the device of a predefined password via said input        means when a user wishes to access the data, the password being        different from the passphrase.

The apparatus of the present invention is preferably a mobile computerdevice such as a laptop or palmtop computer, a PDA, or a mobiletelephone.

According to a fourth aspect of the present invention there is provideda computer storage medium having stored thereon a program for causing acomputer device to secure data stored on the electronic device by:

-   -   encrypting the data using a cryptographic key derivable from or        accessed using a passphrase, requiring the entry into the device        of the passphrase when a user wishes to access the data,        subsequently inhibiting access to the data whilst the device        remains active, and requiring the entry into the device of a        predefined password when a user wishes to access the data, the        password being different from the password.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates schematically a mobile computer device; and

FIG. 2 is a flow diagram illustrating a method of securing data on thedevice of FIG. 1.

DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS

There is illustrated in FIG. 1 a mobile computing device 1 which, inthis example, is a personal digital assistant (PDA). The PDA has a largedisplay screen 2 which is touch sensitive to provide a mechanism forentering data into the device. The device 1 also has an on/off button 3for turning the device on and off. The PDA 1 includes mobile (cellular)telephone functionality, e.g. GSM or third generation (e.g. 3G). The PDA1 comprises a microprocessor 4, a ROM memory 5, and a RAM memory 6. Partof the RAM memory is allocated to provide a cache memory 7.

The RAM 6 is arranged to store both program files and user data. Storedin the RAM 6 (or possibly the ROM 5) is program code for encryptingdata, typically user data files such as text files, images, contacts,spreadsheets, etc, and which is run by the microprocessor 4 using thecache memory 7. The program may use an algorithm such as DES, TripleDES, AES or RSA, and makes use of a cryptographic key generated byapplying a hash function and/or message authentication code algorithm toa passphrase supplied by a user of the device. To ensure adequatesecurity, the passphrase should be a string of at least 18 alphanumericcharacters (although a user may select fewer characters if he or she iswilling to accept a lower level of security). The passphrase is firstentered into the device when the encryption application is installedinto the device (or when it is first activated if the encryptionapplication is pre-installed into the PDA 1).

The user is prompted to save a back-up copy of the cryptographic key incase the passphrase is later lost or forgotten. The key may be presentedto the user on the display so that he can write it down on paper, or maybe output electronically to some external device. Alternatively or inaddition a copy of the key may be sent to the user's mobile networkoperator for safe storage (e.g. in an SMS text message) or via theoperator to some third party (e.g. the vendor of the encryptionapplication).

During installation or initialisation, the user is also asked to enter ashort password which may be for example a four digit numerical PIN. Thepassword is stored securely in the RAM 6, encrypted using the passphraseor cryptographic key. The purpose of the password will be explainedbelow, but it is noted here that the password can be entered easily andquickly into the PDA as compared to the passphrase.

When the PDA 1 is turned on using the on/off button 3 (following earlierinstallation of the encryption application into the PDA) and the deviceboots up, the user is prompted on the display 3 to enter his chosenpassphrase, e.g. using the graphic 8 shown on the display 2 in FIG. 1.An alphanumeric keypad may be displayed with which the user can “tap”out the passphrase. When the passphrase is entered (e.g. using the touchsensitive display), a corresponding cryptographic key generated usingthe passphrase. The authenticity of the key and passphrase are confirmedby the ability of the key decrypt previously encrypted data (or bycalculating a cryptographic checksum of the passphrase or thecryptographic keys with a hash function, and comparing that result witha similar checksum stored previously on the system). The key is securelystored in the RAM 6 and the passphrase deleted from the memory. At thisstage, all encrypted data stored in the RAM 6 may be decrypted using thekey. When the PDA is subsequently turned off, the data is re-encrypted.However, for security and processing reasons it may be preferable todecrypt and encrypt data only on demand or request. That is, when a userrequests access to particular data, the data is decrypted and is storedtemporarily in the cache memory 7. If the data is amended and a requestis made by the user to save the data, the data is re-encrypted andwritten to the RAM 6. Other data remains encrypted throughout thisprocess.

If the encryption application detects that the PDA 1 has been unused forsome predefined period of time, it causes the PDA to enter an idle mode,whereupon the display 2 goes blank and any device input/output ports arelocked. If the user attempts to activate the PDA 1, e.g. by tapping thetouch sensitive display, a message is displayed on the display 2prompting the user to enter the short password. A numerical keypad isalso displayed. A password entered by the user is compared against thestored (encrypted) password. If it has been entered correctly, theencryption application causes the PDA to enter the normal active modeagain in which the user can access and decrypt encrypted data and useother functions of the PDA 1. If the user has not entered the correctpassword, he may or may not be given a limited number of furtheropportunities. If the correct password is not entered on the first (orsubsequent) attempt, the application deletes the stored cryptographickey thereby locking the encrypted data.

A new message is displayed prompting the user to enter the longerpassphrase that will now be required in order to recreate thecryptographic key in memory and access the data. If the passphrase isentered correctly, the cryptographic key is recreated and the encryptionapplication causes the PDA to enter the normal active mode again. If theuser cannot reproduce the correct passphrase during a limited number ofopportunities, a new message is displayed prompting the user to enterthe complete cryptographic key which the user should have saved as abackup. The user may enter this manually using the touch sensitivedisplay 2, or may enter it electronically via an input port of thedevice (e.g. serial, IR, Bluetooth®, etc), or may retrieve it from hismobile network operator. If the key cannot be provided, recovery ofencrypted data may not be possible.

The method described above is further illustrated by the flow diagram ofFIG. 2.

It will be appreciated by the person of skill in the art that variousmodifications may be made to the above described embodiment withoutdeparting from the scope of the present invention. For example, afterextended periods of use (e.g. one day), the user may be prompted toenter the long passphrase even if the device has not been turned off inthe meantime. This further increases the level of security. In anothermodification, the protection afforded by the passphrase and password mayapply only to designated or encrypted data. That is, if a user entersthe incorrect passphrase or password, or does not know these, he maystill be able to access the normal functions of the device (e.g. to makea phone call) but will not be able to access the encrypted data.

1. A method of securing data stored on an electronic device, the methodcomprising: encrypting the data using a cryptographic key derivable fromor accessed using a passphrase; requiring the entry into the device ofthe passphrase when a user wishes to access the data; subsequentlyinhibiting access to the data whilst the device remains active andpowered up; and requiring the entry by the user into the device of apredefined password when a user wishes to access the data followinginhibition of data access, the password being different from thepassphrase, wherein, if the user fails to enter the correct passwordwithin a predefined number of attempts, the cryptographic key stored bythe device is deleted or re-encrypted.
 2. A method according to claim 1,wherein, in the event that the user fails to enter the correct passwordwithin a predefined number of attempts, the user is requested to reenterthe correct passphrase.
 3. A method according to claim 2, wherein, ifthe correct passphrase is not reentered by the user following failure bythe user to enter the correct password, the encrypted data may only beaccessed by entering the cryptographic key into the device.
 4. A methodaccording to claim 1 and comprising storing the predefined password in amemory of the device following encryption with said password or saidcryptographic key, and verifying the password entered by the user bycomparing it with the stored password.
 5. A method of preventingunauthorised access to electronic data stored on a computer device, themethod comprising: requesting a user to input a passphrase into thedevice; receiving an entered passphrase and using the passphrase togenerate or access a cryptographic key; storing the cryptographic key ina memory of the device, wherein the stored key can be used tosubsequently encrypt and decrypt data on the device; subsequentlyinhibiting a user from accessing data on the device after a predefinedperiod, or after a predefined period of non-use, or after somepredefined action by the user; requesting a user to input a passwordinto the device; and receiving the password and, only if the passwordcorresponds to a predefined password which is different from saidpassphrase, allowing the user to access data on the device, otherwisedeleting or re-encrypting the cryptographic key.
 6. Apparatus forsecuring electronic data, the apparatus comprising: a memory for storingencrypted and unencrypted data; first processing means for encryptingdata using a cryptographic key derivable from or accessed using apassphrase; input means for receiving the passphrase from a user whenthe user wishes to access the data; and second processing means forsubsequently inhibiting access to the data whilst the device remainsactive and powered up, for requiring the entry into the device by theuser of a predefined password via said input means when a user wishes toaccess the data, the password being different from the passphrase, andfor causing the cryptographic key stored by the device to be deleted orre-encrypted if the user fails to enter the correct password within apredefined number of attempts.
 7. Apparatus according to claim 6, theapparatus being a mobile computer device such as a laptop or palmtopcomputer, a PDA, or a mobile telephone.
 8. A computer storage mediumhaving stored thereon a program for causing a computer device to securedata stored on the electronic device by: encrypting the data using acryptographic key derivable from or accessed using a passphrase,requiring the entry into the device of the passphrase when a user wishesto access the data, subsequently inhibiting access to the data whilstthe device remains active and powered up, and requiring the entry by theuser into the device of a predefined password when a user wishes toaccess the data, the password being different from the passphrase, and,in the event that the user fails to enter the correct password within apredefined number of attempts, deleting or re-encrypting thecryptographic key stored by the device.